Cisco ACI Solves All Your Data Center Network Problems

Cisco launches its Application Centric Infrastructure (ACI), bringing open overlay networking and SDN to the entire data center.

Greg Ferro

November 5, 2013


Cisco is launching its Application Centric Infrastructure (ACI) today, prompting a whirlwind of competitor announcements and keeping industry watchers perched on the edges of their seats. Does the platform, built on Cisco subsidiary Insieme's architecture, live up to all the anticipation and revolutionize SDN? Well, the ACI strategy has strengths and weaknesses. Let's start with an overview of ACI and its strengths.

The opening pitch for Cisco ACI starts with two key points. First, the statistics show that only 21% of data center workloads are virtualized today and that 42% of those customers run multiple hypervisor vendors. Because of this, Cisco maintains that hypervisor-based overlay networking does not address the real requirements that customers have. The second point is that networking has not yet lived up to its service potential to the business, and network value must be improved. Enter Cisco ACI as an open approach to software-defined networking (SDN).


ACI is the most significant SDN product strategy that Cisco has released to date. ACI is a combined controller and application platform that offers an end-to-end orchestration strategy for the entire network, including physical and virtual systems. Unlike many other SDN products, ACI is not dependent on any OS support for its operation, which is its key competitive advantage. ACI delivers an SDN solution for the entire data center network ecosystem. Cisco is offering customers a new technology platform that provides a smooth transition from physical to cloud networking, while safely maintaining backward compatibility and protecting the investment in existing systems in the data center.

Most readers will be familiar with the concept of controller-based networking and how flow management allows for coarse-grained control of network traffic. Cisco ACI uses these concepts to create a network-wide solution encompassing physical AND virtual networks by tightly integrating the controller, application, device firmware and physical hardware.

Cisco has also developed a new policy-driven application engine named the Application Policy Infrastructure Controller (APIC). The APIC is intended to use existing open standards -- both southbound and northbound -- in addition to its own proprietary extensions for Cisco hardware. That is, the APIC offers support for OpenFlow, OVSDB, onePK and NetConf, in addition to the new protocols developed by Insieme. Cisco went to great pains to point out that it will support all protocol options, including all open protocols. The APIC information model will also be available to a wide range of third parties so that partners can integrate with it and enhance the value of the network as a fundamental technology.

APIC is tightly integrated with physical network devices through enhanced device firmware. This allows metadata from the physical network to be gathered to perform orchestration of physical network endpoints. For virtual networking, Cisco will be leveraging the existing Nexus 1000 product to integrate with VMware, Hyper-V and KVM hypervisor platforms and extract server and application metadata.


Nexus 9000 and Beyond

Cisco is announcing another switching platform that is able to work with the APIC controller and provide ACI functions. The Nexus 9000 product family uses Broadcom Trident 2 merchant silicon to provide 10 Gigabit and 40 Gigabit Ethernet switching. As a technology, the hardware has little to differentiate it from competitors besides its size and the fact that it doesn't use Cisco's own switch silicon. Compared to other Cisco products, it consumes less power and space and costs much less.

The Nexus 9000 switches use an overhauled version of the NX-OS software that combines with Broadcom Trident silicon to provide the connectivity and orchestration between the virtual network and the physical network. NX-OS Plus delivers the necessary API support for the APIC to query and update the device. It also enables greater control of the flows and functions in the device through the use of customized software drivers for Trident 2 silicon.

My view is that customers should focus on the fixed-format switches that are also rolling out and deploy scalable Layer 3 ECMP designs at much less cost. The Nexus 9000 chassis is oversized for all but the largest data centers. These new Nexus 9300 top-of-rack switches will easily replace most of the older and tired Catalyst 4500 and 6500 switches in the data center. At a physical level, the port density and forwarding performance are similar to other Trident 2 products on the market. Check out the data sheets for details.

More on NX-OS Plus and Network Protocols

Cisco is also releasing yet another software train where "NX-OS Plus forms the basis of the operating system in the Nexus 9000" and provides the software interfaces for network function. This NX-OS Plus firmware seems to be an overhauled version of NX-OS created by Insieme during its startup phase. NX-OS Plus provides the API support for APIC and deeper integration with the silicon to provide the necessary control functions over ternary content addressable memory (TCAM) and binary content addressable memory (BCAM) for flow management.

NX-OS Plus will be available for some models of existing Nexus 7000 equipment, allowing their inclusion in the APIC infrastructure stack. There were also hints that most Cisco business units are planning to enable APIC capability, although this will likely take some years to arrive.

It's my understanding that the APIC relies on proprietary extensions in network frame format. These are based on the IEEE 802.1BR standard called VNtag/VNLink and usually known as fabric extension or FEX. FEX is already widely used in the Cisco UCS and the Nexus 7K/5K/2K products, but I was unable to confirm the details of its use in the new launches at this time.

Cisco has either extended the VXLAN packet format with VNtag/VNLink data or used VNtag/VNLink so that its internal solution is independent of the overlay protocol. While we don't yet have deep technical detail on how the ACI technology works at the network level, I will hazard a guess that it is close to Dynamic Fabric Automation, using a specialized tag format to provide in-band tenancy data in combination with control plane state.

Today's product announcement is all about the ACI strategy, the APIC controller and Nexus 9000 hardware, but integration with hypervisors remains a key topic. Both OpenStack and vCloud Director are vital product strategies that Cisco must capture in the months ahead. The Nexus 1000 software switch has some early support for APIC, but the rest is yet to come.

But Wait, There's More!

Cisco is also attempting to address the larger business problems relating to networking and change management. These are focused around service insertion. Cisco is emphasizing its longstanding relationships with other vendors that are pledging to support APIC in the early stages. For customers who are managing complex network services with a range of appliances, it is reassuring to know their existing investments will be maintained.


Cisco claims that over time, support for ACI will extend to most of the current products produced by the partners pictured above. That will require APIC support to be added to each version of code for each device, however, and that will take months or even years to accomplish. Until Cisco leadership publicly commits all business units to this strategy, I remain somewhat cautious about endorsing this eventuality.

Physical and Virtual Networking

The most important element of the Cisco ACI strategy is that it creates an overlay network that is independent of the network endpoint. ACI works for businesses that want to simply automate "ports and VLANs" or that want to build a simple multi-tenant LAN system to replace complex MPLS networks. It also works for systems that use fully automated flow management and offers support for OpenStack, Hyper-V and appliance-based network services like firewalls, network taps, intrusion detection and load balancers.

For many companies, their ITIL-derived business processes make it impossible to transform their organizations and move to fully virtualized network capability. This degree of structural change breaks the foundation of ITIL modeling by transgressing service boundaries. It will take some time for customers to abandon entrenched ITIL structures that clearly will not work in this system.



One big benefit of ACI, according to Cisco, is that its integrated hardware/software model will be significantly cheaper than the software-only model. This claim is based on the entire solution, not just capital costs. Because APIC is a tool for managing the entire data center at large, TCO can be drastically reduced, says Cisco.



This is a large and multi-faceted product announcement, and this article discusses a few of the important areas. There are many other topics for each customer to evaluate against their own needs. Many customers will decide to remain with the Catalyst 6800 in a tree-based network, or opt for low-cost Layer 3 ECMP solutions using the Nexus 6000. Others will choose the Nexus 7000 to access FEX and FabricPath to deliver large Layer 2 Ethernet domains.

For customers who are considering SDN for their data centers, the Cisco ACI strategy will be arriving sometime in late 2014. That's just about enough time to get planning and budgeting -- if you hurry.

About the Author(s)

Greg Ferro

Network Architect & Blogger

Greg has nearly 30 years of experience as an IT infrastructure engineer and has been focused on data networking for about 20, including 12 years as Cisco CCIE. He has worked in Asia and Europe as a network engineer and architect for a wide range of large and small firms in many verticals. He has been writing about networking for more than 20 years and in the media since 2001.

You can email Greg or follow him on Twitter as @etherealmind. He also writes the technical blog Etherealmind.com and hosts a weekly podcast on data networking at Packet Pushers.
